Jérémy Dubois
5adeaa31e1
Some checks failed
continuous-integration/drone/push Build is failing
PacketFilter need to be customized only once, at the first use. After that, pf.conf will be modified on the server for the needs of the network. It must not be overwriten. |
||
|---|---|---|
| roles | ||
| tasks | ||
| vars | ||
| .drone.yml | ||
| .gitignore | ||
| CHANGELOG | ||
| CONTRIBUTING.md | ||
| evolixisation.yml | ||
| hosts | ||
| LICENSE | ||
| prerequisite.yml | ||
| README.md | ||
EvoBSD 6.7.2
EvoBSD is an ansible project used for customising OpenBSD hosts used by Evolix.
How to install an OpenBSD machine
Note : The system must be installed with a root account only. Put your public key in the remote root's autorized_keys (/root/.ssh/authorized_keys)
- Install ansible's prerequisites
ansible-playbook prerequisite.yml -CDi hosts -l HOSTNAME
- Run it
First use (become_method: su, and var_files uncommented) :
ansible-playbook evolixisation.yml --ask-vault-pass -CDki hosts -l HOSTNAME -u root
Subsequent use (become_method: sudo) :
ansible-playbook evolixisation.yml --ask-vault-pass -CDKi hosts -l HOSTNAME
Testing
Changes can be tested by using Packer and vmm(4) :
- This process depends on the Go programming language.
Packages
Needing a Golang eco system and some basics
pkg_add go-- packer-- git--
- We use the packer-builder-openbsd-vmm project to bridge Packer and vmm(4)
git clone https://github.com/double-p/packer-builder-openbsd-vmm.git
builds
Set GOPATH (default: ~/go), if the 1.4GB dependencies wont fit.
make
make install
- You need your unprivileged user to be able to run vmctl(8) through doas(1)
echo "permit nopass myunprivilegeduser as root cmd /usr/sbin/vmctl" >> /etc/doas.conf
See packer-builder-openbsd-vmm/examples/README.examples for further instructions
- Enable NAT on your host machine
pass out on em0 inet from tap0:network to any nat-to (em0)
assuming em0 is your egress interface
Contributions
See the contribution guidelines